Commit graph

101 commits

Author SHA1 Message Date
Daeho Jeong
81ba5bcf1c vold: add gc period in setGCUrgentPace am: 7c788fc3e9
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/2032446

Change-Id: I691c355f6eb91f83af0b4bbdade10bd67ceb62a3
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
2022-03-25 22:47:17 +00:00
Eric Biggers
b3ea454002 Remove FDE methods from binder interface
Now that none of these methods are used anymore, we can remove them.
Also remove the related constants.

Bug: 208476087
Change-Id: I1f56c8e05fb3fba09aab4bf5f8609b0f552b8999
2022-03-21 05:11:21 +00:00
Daeho Jeong
7c788fc3e9 vold: add gc period in setGCUrgentPace
To make gc period changable, added a new gcPeriod parameter to
setGCUrgentPace.

Test: adb shell device_config put storage_native_boot smart_idle_maint_period 10
Bug: 202283480
Bug: 181079477
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I4e44a80ea5b51d9a7cde69d25e129dd0673b271f
2022-03-18 12:56:17 -07:00
Eric Biggers
90a305232e Remove HardwareAuthToken parameters from binder interface
These are no longer used.

Test: atest com.android.server.locksettings
Bug: 184723544
Change-Id: I6160d30deb138a5366532de84cbf6f02cbc69b8c
(cherry picked from commit 5bb9faab49)
Merged-In: I6160d30deb138a5366532de84cbf6f02cbc69b8c
2022-03-15 01:26:08 +00:00
Eric Biggers
7e79a43a72 Remove broken code for mounting encrypted OBB files
Mounting encrypted OBB files has never worked reliably across devices,
partly due to its reliance on Twofish encryption support in the kernel.
This is because Twofish support (CONFIG_CRYPTO_TWOFISH) has never been
required or even recommended for Android.  It has never been enabled in
GKI, but even before GKI it wasn't required or recommended.  Moreover,
this is now the only Android feature that still uses dm-crypt
(CONFIG_DM_CRYPT), and some devices don't have that enabled either.

Therefore, it appears that this feature is unused.  That's perhaps not
surprising, considering that the documentation for OBBs
(https://developer.android.com/google/play/expansion-files) says that
they are deprecated, and also it explains OBBs as being app files that
are opaque to the platform; the ability of the platform to mount OBBs
that happen to be in a particular format is never mentioned.  That means
that OBB mounting is probably rarely used even with unencrypted OBBs.
Finally, the usefulness of OBBs having their own encryption layer (in
addition to what the platform already provides via FBE) is not clear
either, especially with such an unusual choice of cipher.

To avoid the confusion that is being caused by having the broken code
for mounting encrypted OBBs still sitting around, let's remove it.

Test: atest StorageManagerTest # on Cuttlefish
Test: atest StorageManagerIntegrationTest # on Cuttlefish
Bug: 216475849
Change-Id: Iaef32cce90f95ea745ba2b143f89e66f533f3479
2022-03-01 21:19:18 +00:00
Daeho Jeong
999fceb07c Add interfaces required by smart idle maintenance service
Added interfaces required by smart idle maintenance service in
StorageManagerService, whose goal is to determine when to trigger
filesystem defragmentation while keeping the best user experience
as long as possible, and avoiding hurting UFS lifetime.

Test: check smart idle maintenance log every hour
Bug: 202283480
Bug: 181079477
Signed-off-by: Daeho Jeong <daehojeong@google.com>
Change-Id: I012cfb9b01e5d21ec71700c3c52ac9c096cd1a90
2022-01-12 10:54:37 -08:00
Youkichi Hosoi
2991cbe49f Split MOUNT_FLAG_VISIBLE into MOUNT_FLAG_VISIBLE_FOR_{READ, WRITE}
IVold.MOUNT_FLAG_VISIBLE is split into MOUNT_FLAG_VISIBLE_FOR_READ and
MOUNT_FLAG_VISIBLE_FOR_WRITE.
Accordingly, VolumeBase::MountFlags::kVisible is split into
kVisibleForRead and kVisibleForWrite.

Bug: 206019156
Test: m
Change-Id: Ia55673400d9f713f221650e1335a46ba11f6f027
Merged-In: Ia55673400d9f713f221650e1335a46ba11f6f027
2021-11-25 13:04:45 +09:00
Songchun Fan
0e53c1cdb0 [vold] pass along sysfs name in setOptions
Ignore-AOSP-First: Will cherry-pick to AOSP

BUG: 187308584
Test: atest CtsContentTestCases:android.content.pm.cts.PackageManagerShellCommandIncrementalTest#testInstallWithIdSigNoMissingPages
Change-Id: Iacfe6b735458051f2848b1b766c2b00198b397d9
2021-05-10 16:22:40 -07:00
Songchun Fan
046e68abd6 [vold] pass sysfs_name to mount options
Ignore-AOSP-First: Will cherry-pick to AOSP

Test: manual
BUG: 184844615
Change-Id: I216210132f49f55098c0f2d1b8d4e571b22cfcc4
2021-04-29 08:35:43 -07:00
Eric Biggers
23d93638c5 Merge "vold: add getUnlockedUsers() method to Binder interface" into sc-dev 2021-04-13 17:52:02 +00:00
Eric Biggers
1799debfd6 vold: add getUnlockedUsers() method to Binder interface
This is needed so that system_server can remind itself about which users
have their storage unlocked, if system_server is restarted due to a
userspace reboot (soft restart).

Bug: 146206679
Test: see I482ed8017f7bbc8f7d4fd5a2c0f58629317ce4ed
Change-Id: I02f0494d827094bd41bcfe5f63c24e204b728595
2021-04-08 12:29:57 -07:00
Alex Buynytskyy
dcfeaa1d76 Adding an option to shorten the read timeout.
E.g. during installation to protect the system.

Ignore-AOSP-First: this depends on changes to framework and/or incfs and does not make sense without them. We'll merge it at a single large scale merge later.

Bug: 160635296
Test: atest PackageManagerShellCommandTest PackageManagerShellCommandIncrementalTest IncrementalServiceTest PackageManagerServiceTest ChecksumsTest

Change-Id: I5851e1e9dbc8e8c2b331c407002cf7133bf6e35a
2021-04-08 09:58:15 +00:00
Abhijeet Kaur
e715ec1364 Remove unused mount modes and re-number the modes for consistency
Also, add REMOUNT_MODE_ANDROID_WRITABLE to return "/mnt/runtime/write".

Bug: 148454884
Test: builds
Change-Id: I5a38c88f46034c494604bb001cf4d4c400c8f73e
2021-02-24 14:52:37 +00:00
Seth Moore
5a43d61e66 Add support for binding storage encryption to a seed
With this change, vold exposes an API that may be used to bind key
storage encryption keys to a given seed value. The seed value passed to
vold must be consistent across reboots, or key storage keys will not be
derived consistently. The seed is expected to be set very early in boot,
prior to the use of any key storage encryption keys.

This feature is intended to be used for embedded applications such as
in autos, where the seed may be provided by some other component of the
system. In such systems, there is a default user that is automatically
signed in without a PIN or other credentials. By binding the file
encryption to a platform-provided seed, the default user's data gains
additional protection against removal of the Android embedded device
from the integrated system.

Bug: 157501579
Test: Set seed at startup via init.rc. Seed changes fail as expected.
Change-Id: I9b048ec5e045b84c45883724ace2356d4ef6244d
2021-01-26 21:30:19 +00:00
Ricky Wai
a2ca11e49b Add a method in vold to unmount app data and obb dir for testing
This new method will be used in new sm command.
Tests can use this so data and obb dirs are unmounted, and won't
be killed when volume is unmounted.

Bug: 148049767
Test: New sm command able to unmount app's data and obb dirs
Change-Id: Ifbc661ca510e996abd4b7ce1fb195aaa7afc37ad
2021-01-18 13:47:44 +00:00
Alan Stokes
c0e870af67 Merge "Remove ro.vold.level_from_user." 2021-01-12 11:17:50 +00:00
Alan Stokes
e0b7f306c1 Remove ro.vold.level_from_user.
This is on everywhere, we no longer have any need for it.

Fix: 171462631
Test: Presubmits
Change-Id: I240361619acafeee6cac383037887e15a46c0c38
2021-01-05 09:49:24 +00:00
Jaegeuk Kim
0c52c7125f Let vold format the encrypted partition
Bug: 172378121
Signed-off-by: Jaegeuk Kim <jaegeuk@google.com>
Change-Id: I03997eb4cbf25a80e36ea738c50e0adb7f4013dd
2020-12-22 11:28:50 -08:00
Ricky Wai
bbfb6ea1ac Check if storage app data and obb directories exist in vold
As storage is not mounted in system server, we use vold
to check if storage app data and obb directories exist instead.

We add a method in vold so it only creates app data and obb dirs
if dirs do not exist to speed up app starting time.

Bug: 160336374
Test: Data and obb directories are created when a new app is started
Change-Id: I1bd784d9c9e05463f71433fc782ac4e0c831cbf1
2020-12-03 15:38:03 +00:00
Martijn Coenen
eed957f6a4 Call earlyBootEnded from vdc.
This allows us to determine the place where early boot ends from init.
It also allows fixing a bug where early boot wasn't ended previously on
devices without metadata encryption.

Bug: 168585635
Bug: 173005594
Test: inspect logs
Change-Id: I78775672a7d3c140e007235a10fb1d1bc816fcee
2020-11-12 11:03:27 +01:00
Yo Chiang
0af25a3a98 Add IVold::destroyDsuMetadataKey()
destroyDsuMetadataKey() / destroy_dsu_metadata_key() calls
android::gsi::GetDsuMetadataKeyDir() to query the DSU metadata
encryption key dir and destroy the key.
This releases the resource and allows consecutive DSU installations to
use the same key *directory*, but not the same key *blob*.

Bug: 168571434
Test: 1. Install a DSU system.
  2. Boot the DSU system and reboot back to the host system.
  3. Wipe the DSU installation.
  4. DSU metadata key dir /metadata/vold/metadata_encryption/dsu/dsu is
     destroyed.
Change-Id: Ib851177315a5a266807f46ccfd446de1848232cf
2020-10-13 16:00:43 +08:00
Alan Stokes
be3db7b7ae Enable vold to set level from user.
We want various per-user directories to have their SELinux MLS level
set to restrict access from other users, as an improvement to user
isolation.

We extend vold_prepare_subdirs to implement this if a flag is
set. vold itself then sets the flag based on a new property,
ro.vold.level_from_user. This is to allow testing of further
incremental work to ensure system apps correctly handle the new
restriction on different devices rather than causing immediate
breakage. Eventually this will go away and the restriction will apply
everywhere.

Bug: 141677108
Test: Manual, with and without propery set.
Change-Id: I8e2207bd94b487bdcc09fd4d80b031027dfea1e3
2020-10-02 14:49:25 +01:00
Eric Biggers
4cd238b900 Merge "vold: remove checkEncryption" am: 2d9777bfbf am: 15c0d3e5d0
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1363339

Change-Id: I23b9a01632b61a92896ae83e2152fa047dd85c48
2020-07-16 21:00:33 +00:00
Eric Biggers
b7a14053c3 vold: remove checkEncryption
The testing-only "checkEncryption" command has been replaced with
VtsKernelEncryptionTest [1].  In particular, the metadata encryption
documentation [2] no longer mentions checkEncryption but rather
recommends running VtsKernelEncryptionTest.  Also, checkEncryption
hasn't really been maintained, and it has some known bugs; it's unclear
that many people ever really used it.

So, just remove it.

[1] https://android.googlesource.com/platform/test/vts-testcase/kernel/+/refs/heads/master/encryption/
[2] https://source.android.com/security/encryption/metadata#tests

Bug: 155037012
Change-Id: I258829c60768fd11aafdf2faad956cecc1ae9826
2020-07-15 11:21:33 -07:00
David Anderson
026ae1a9ac Merge "Add an isCheckpointing() binder call for adb remount." am: b50480bb96 am: 60e41b7084
Original change: https://android-review.googlesource.com/c/platform/system/vold/+/1330854

Change-Id: I0aa0536cfd33f189525115efa07e49930f53b79a
2020-06-18 22:15:56 +00:00
David Anderson
23850d30f6 Add an isCheckpointing() binder call for adb remount.
This is needed so "adb remount" can avoid writing to /data during a
checkpoint.

Bug: 157540389
Test: manual test
Change-Id: I33a691da3b99343acfc1e8ddf68a14504c3bfbe1
2020-06-10 23:52:25 -07:00
Martijn Coenen
23c0445355 vold: Support aborting FUSE connections.
This can be done through binder as well as vdc, using 'vdc volume
abort_fuse'.

Bug: 153411204
Test: adb shell vdc volume abort_fuse
Change-Id: I93e46dc1cd361729cc1162c63520cf73152ea409
2020-05-28 16:07:16 +02:00
Alex Buynytskyy
91e0bf4998 Checking LOADER_USAGE_STATS before enabling read logs.
Bug: b/152633648
Test: atest PackageManagerShellCommandTest PackageManagerShellCommandIncrementalTest
Change-Id: I29bf16d06a013566c8dd08e64be2a23ad805e37d
2020-03-31 16:28:30 -07:00
Yurii Zubrytskyi
d05bcc8070 Expose new IncFS interface through Vold
CL is a part of multi-repository topic and will be merged
to AOSP

Bug: 146080380
Test: manual

Change-Id: I09b33a34ff1ac7f6e415b7bd090c22e7df24d72d
Merged-In: I09b33a34ff1ac7f6e415b7bd090c22e7df24d72d
2020-03-24 14:26:27 -07:00
Ricky Wai
6b12257702 Make storage dirs remount fork() safe
Also, use the pids provided by system server to remount all existing
processes, so we don't need to do the heavy and unreliable scanning in
/proc anymore.

Bug: 149548518
Test: atest AdoptableHostTest
Change-Id: Ifb5b79a3bc5438f36e0d61ec8aec96bdbc60ca13
2020-03-12 18:16:27 +00:00
Martijn Coenen
816f4d94f6 Add fixupAppDir() API.
This can be used to fixup application directories in case they have been
created by some other entity besides vold; the main use case for this
API right now is OBB directories, which can be created by installers
outside of vold; on devices without sdcardfs, such directories and the
files contained therein are not setup correctly. This API will make sure
everything is setup the way it needs to be setup.

Bug: 146419093
Test: inspect OBB dir after install
Change-Id: I2e35b7ac2992dbb21cc950e53651ffc07cfca907
2020-02-19 12:11:34 +01:00
TreeHugger Robot
dd85fe2e5e Merge "Add disk for StubVolume" 2020-02-14 04:35:15 +00:00
Martijn Coenen
8a68a075a2 Remove appDirRoot argument from setupAppDir.
This is no longer needed, because vold can deduce this itself now.

Bug: 146419093
Test: builds
Change-Id: Ib4f4a4109919af683722a63b305b343ef5fe972d
2020-02-12 15:38:45 +01:00
Risan
82e90de23d Add disk for StubVolume
StubVolume is a volume type for ARC++ external storage. Named StubVolume
because it is managed from outside Android (not through Android kernel).

Previously, StubVolume is a diskless volume. However, as mentioned in
jsharkey@ email, a disk is needed for StubVolume to hold "kInternal"
(external storage type that is "external" from Android perspective,
but is "internal" to the device. For example shared directory from
ChromeOS to Android) and "kIndexable" (whether or not a disk should be
indexed by MediaStore).

The addition of disk means we could expose the createStubVolume API to
add a disk flags, which is also introduced in this CL.

Both kInternal and kIndexable will be introduced in separate CL.

Bug: 132796154
Test: Mount/unmount ARC++ removable device in ChromeOS.
Change-Id: I8b77fa1cf50ab38a2892272154dafdb78f079378
2020-02-12 07:42:40 +00:00
Yurii Zubrytskyi
3497cb5be5 Expose new IncFS interface through Vold
CL is a part of multi-repository topic and will be merged
to AOSP

Bug: 146080380
Test: manual

Change-Id: I09b33a34ff1ac7f6e415b7bd090c22e7df24d72d
2020-01-27 22:26:37 -08:00
Barani Muthukumaran
b1927c2a0a vold: Do not cache CE keys in vold
CE keys were cached in vold to support untrusted reset
by a device admin, this is now supported by Locksettingservice
using synthetic password. This change requires a secret to be
provided to retrieve the CE key and re-wrap without the secret
when user removes the credential.

Test: Set credential, remove credential, swipe to none
and vice-versa.
Bug: 26948053
Merged-In: I4cb1c035a472477e70c1ff5bf0b2c3fcfad495e5
Change-Id: I4cb1c035a472477e70c1ff5bf0b2c3fcfad495e5
2020-01-24 00:20:22 +00:00
Paul Crowley
e3d2051668 Merge "vold: Do not cache CE keys in vold" 2020-01-19 21:58:02 +00:00
Barani Muthukumaran
9ad51adeb9 vold: Do not cache CE keys in vold
CE keys were cached in vold to support untrusted reset
by a device admin, this is now supported by Locksettingservice
using synthetic password. This change requires a secret to be
provided to retrieve the CE key and re-wrap without the secret
when user removes the credential.

Test: Set credential, remove credential, swipe to none
and vice-versa.
Bug: 26948053
Change-Id: I4cb1c035a472477e70c1ff5bf0b2c3fcfad495e5
2020-01-16 12:16:25 -08:00
Martijn Coenen
b52eb85297 Add REMOUNT_MODE_ANDROID_WRITABLE.
Constant to indicate a regular scoped storage view, with the sole
exception that Android/ should be writable.

Bug: 134706060
Bug: 146490513
Test: builds
Change-Id: Ifbcd4fd912ed4cc18d7c6e3eab2c582bc862e10c
2020-01-08 15:04:21 +01:00
Martijn Coenen
13ff668775 Replace mkdirs() with setupAppDir().
vold historically offerred functionality to create directories on behalf
of others. This functionality was purely used to create app-specific
data/obb/media dirs. Make this more explicit by renaming the method to
indicate this.

Additionally, in the past, we never needed to care about the UID set on
these directories, because sdcardfs would take care of that for us
automatically. But with sdcardfs going away, we need to make sure the
UID of the app-specific directories is set correctly. Allow the caller
to pass this in as an argument.

Bug: 146419093
Test: atest FuseDaemonHostTest
Change-Id: Ibeb5fdc91b40d53583bc0960ee11c4d640549c34
2019-12-31 15:58:41 +01:00
Songchun Fan
0583015a57 Merge "[incremental] use vold to mount/unmount IncrementalFileSystem" am: 6bdfb77d8b am: a0945f468a
am: 1119bc8531

Change-Id: I772667d5c43cdf1ff37b156db9f47b61820433c7
2019-12-06 01:16:26 -08:00
Songchun Fan
ab55cecdc1 [incremental] use vold to mount/unmount IncrementalFileSystem
Let vold mount IncFs onto directories under data and open control files.

Test: builds
Change-Id: Ibd96aae254b4fefaf56c9d549c4672a987c46221
2019-12-04 14:01:22 -08:00
Zim
9d1425c09b Allow null IVoldMountCallback in Vold#mount
Test: m
Bug: 145231499
Change-Id: I51cb4424d821078a3604d5b3a42e99d3aaf658c3
2019-11-27 18:16:25 +00:00
Zim
5048b4b2bc Add mount callback
Mounting a FUSE path needs two steps:
1. Mounting the filesystem
2. Starting the FUSE session in the FUSE daemon

The second part requires retriving an fd from (1) and the mount paths
and passing it to the FUSE daemon.

Previously, we'd return from the Vold mount call and mark the volume
as mounted while we scramble to do (2). This means there's a time
period where the Volume is marked as MOUNTED but not actually ready
and any IO access on the paths will hang forever. This could also be
misleading when interpreting bug reports.

Now, we block the Vold mount call until the FUSE session is started

Test: atest AdoptableHostTest
Bug: 144275217

Change-Id: I45238a31df71286f67ef1c65c711d0085d72e97f
2019-11-22 17:06:04 +01:00
Zim
a438b24368 Fix multi-user and multi-storage with FUSE
Up until now, the FUSE mount logic has made two assumptions:
1. The primary external volume is an emulated volume on /data/media
2. Only the primary user is running, as user zero

These assumptions are fixed by the following changes
creating an EmulatedVolume per Android user and changing the
VolumeBase id format to append the user to the id, so
s/emulated/emulated-0/. This allows us mount separate volumes per user

Some additional refactorings to re-use/clean up code.

Test: adb shell sm set-virtual-disk and partition disk operations work
even after setting up a work profile
Bug: 135341433

Change-Id: Ifabaa12368e5a591fbcdce4ee71c83ff35fdac6b
2019-11-11 20:24:49 +00:00
Nikita Ioffe
7a04dfe86d Merge "vold: implement resetCheckpoint" am: 4eeebff8d5 am: e182b26d64 am: 3631ac59fd
am: 3ec81f1059

Change-Id: I00ce96ee4c6c6f729c5335a04aee08712ee4ae91
2019-10-18 15:37:54 -07:00
Nikita Ioffe
a5798fc115 vold: implement resetCheckpoint
It will be used by userspace reboot to reset checkpoint state, to make
sure that when /data is remounted, it will be remounted in checkpointing
if a checkpoint was requested beforee userspace reboot.

Test: /system/bin/vdc startCheckpoint 1
      /system/bin/vdc needsCheckpoint (returns 0)
      /system/bin/vdc resetCheckpoint
      /system/bin/vdc needsCheckpoint (returns 1)

Bug: 135984674
Change-Id: Ia29238686289b4eed93e2fb936a8b3d894b94dc9
2019-10-12 00:43:04 +01:00
Zim
981222f500 Bind mount lower filesystem during FUSE mount
When mounting a FUSE device on /mnt/user/<userid>/<vol>,
bind mount the correspoinding lower filesystem path to
/mnt/pass_through/<userid>/<vol>. At Zygote fork time, an
app with the right privilege will have the pass_through path
bind mounted into /storage instead of the /mnt/user path.

This provides such an app direct access to the lower filesystem
without going through FUSE.

Bug: 140064376
Test: mount(8) shows /mnt/pass_through/0/emulated is a bind
mount of the lower fs

Change-Id: I32c3cad64138910fcec9fb8f66b206706b5fd139
2019-09-24 10:39:13 +01:00
Zim
3623a212e3 Mount /dev/fuse on /mnt/user/<userid>/<volumeid>
Since system_server cannot mount devices by itself,
add a binder interface to vold that system_server
can call to initiate this mount when required.

BUG: 135341433
Test: manual
Test: atest --test-mapping packages/providers/MediaProvider
Test: ExternalStorageHostTest DownloadProviderTests

Change-Id: If4fd02a1f1a8d921a3f96783d8c73e085c5b7ca1
2019-08-28 10:49:27 +01:00
Paul Lawrence
4ad86a9315 Merge "Make ext4 userdata checkpoints work with metadata encryption" am: 2c792e0720
am: 5f19ef31c8

Change-Id: I7da7077c70484cb5873b9316058bc73158c19ab6
2019-06-27 11:03:03 -07:00